2

I am dealing with an unauthenticated identity, via Cognito and the identity pool.

Here is what I am doing (via REST API calls):

  1. AWSCognitoIdentityService.GetId -- to register the identity
  2. AWSCognitoIdentityService.GetCredentialsForIdentity -- return credentials for the provided identity ID

What I am confused about is this:

How can I convert the (temporary) AWS credentials into an access token (so that I can perform calls against the AWS API Gateway)?

Or am I thinking about this the wrong way?

Btw, this is what I have as my AWS credentials:

```json
{
  "Credentials": {
    "AccessKeyId": "...",
    "Expiration": 1649299760,
    "SecretKey": "...",
    "SessionToken": "..."
  },
  "IdentityId": "ap-southeast-2:..."
}
```
Colin Schofield

1 Answer

0

If your endpoint should work even for unauthenticated users, then just leave it without any authorizer.

The Unauthenticated Identity is just a phantom for a user, no one gets authenticated, so you can’t get any authentication token that would guarantee the same.

Floh
  • 1
    Maybe.. I am able to get the OpenID token via a call to `AWSCognitoIdentityService.GetOpenIdToken`; this is returned in JWT format. This would allow me to perform validation at the server side, but I see your point re a 'phantom' user. – Colin Schofield Apr 23 '22 at 12:29
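
An added example, not code from either poster: if the API Gateway method uses IAM authorization (an assumption; the thread does not say how the API is configured), the temporary credentials from `GetCredentialsForIdentity` are not exchanged for a token but are used to sign each request with Signature Version 4. `sign_request` is a hypothetical helper name, and the host, path and credential values used with it are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

SERVICE = "execute-api"  # SigV4 service name for API Gateway endpoints


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign_request(creds, method, host, path, region, body=b"", now=None):
    """Return the SigV4 headers for one request (assumes no query string)."""
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    # "Expiration" is epoch seconds, as in the response shown in the question.
    if now.timestamp() >= creds["Expiration"]:
        raise ValueError("credentials expired; call GetCredentialsForIdentity again")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = amz_date[:8]

    # Temporary credentials: the session token is sent as a header and signed.
    signed = {"host": host, "x-amz-date": amz_date,
              "x-amz-security-token": creds["SessionToken"]}
    names = ";".join(sorted(signed))
    canonical_request = "\n".join([
        method,
        quote(path, safe="/-_.~"),
        "",  # canonical query string (empty in this example)
        "".join(f"{k}:{signed[k]}\n" for k in sorted(signed)),
        names,
        hashlib.sha256(body).hexdigest(),
    ])
    scope = f"{datestamp}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + creds["SecretKey"]).encode()
    for part in (datestamp, region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return {
        "X-Amz-Date": amz_date,
        "X-Amz-Security-Token": creds["SessionToken"],
        "Authorization": (f"AWS4-HMAC-SHA256 Credential={creds['AccessKeyId']}/{scope}, "
                          f"SignedHeaders={names}, Signature={signature}"),
    }
```

With IAM authorization, what an anonymous caller can reach is decided by the IAM role the identity pool assigns to unauthenticated identities, so that role's `execute-api:Invoke` permissions should cover only the methods meant to be public.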